Print Page | Close Window

Wildcards in HoneypotBlockedIPs???

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5825
Printed Date: 20 October 2017 at 3:16am


Topic: Wildcards in HoneypotBlockedIPs???
Posted By: raregtp
Subject: Wildcards in HoneypotBlockedIPs???
Date Posted: 11 October 2006 at 10:41am

Is is possible to use wildcards in the HoneypotBlockedIPs text file??  I have written a script that scans the previous days log file at 1 AM, looking for any addresses that doen't exist on our network.  It then tallys those in it's own flat file database.  If a non-existant address has three attempts in three days then that email address is added to the honeypot list.  Due to this my HoneypotBlockedIPs has grown very large.  I'm not experiencing any performance issues, and I reguarlary pick out IP's to make sure spammer IP's are the only ones in the list....however I can see trends where many ranges could be blocked which would help keep the list much shorter.

The other option I thought about would be to take those ranges out of the HoneypotBlockedIPs list and add them to the Blacklisted IP's list.  According to the documentation, you can add a class C range by ending the IP in .0, for example 192.12.45.0 would block that whole class C range.  In this case, my question would be....can you block a class B or class A range the same....for example, blocking the class B range I'd type 192.12.0.0??

Thanks in advance for your help!!




Replies:
Posted By: LogSat
Date Posted: 11 October 2006 at 10:53pm
Well... the HoneypotBlockedIPs file is supposed to be automatically maintained, so this is not documented... but yes, wilcards are supported. The entries are treated as text-file entries, so the wilcards are DOS-style. For ex:
192.12.*
will block the whole class B.

The Blacklisted IPs list can do the same thing, but the syntax is different... (yes, we know it's confusing, but different features were added during the years, and we did not want to break/alter past funxtionality). In this case, you should use the ".0" syntax, and you can block up to a class A:
192.0.0.0



-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: raregtp
Date Posted: 12 October 2006 at 9:49am

Great....exactly what I was looking for.  Thanks!




Print Page | Close Window